4 matches found
CVE-2023-48218
The Strapi Protected Populate Plugin protects get endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has bee...
CVE-2023-48218
The CVE-2023-48218 issue affects the Strapi Protected Populate Plugin. Pre-1.3.4 versions allowed bypassing field-level security by populating fields the user should not access on get endpoints. It has been patched in version 1.3.4; no workarounds are documented. CVSSv3.1 base score 5.3 (NETWORK,...
Strapi Security Vulnerabilities
Strapi is an open source content management system (CMS). A security vulnerability exists in Strapi Protected Populate Plugin versions prior to 1.3.4. An attacker could exploit the vulnerability to populate certain fields...
PT-2023-30736 · Strapi · Strapi Protected Populate Plugin
Name of the Vulnerable Software and Affected Versions: Strapi Protected Populate Plugin versions prior to 1.3.4
Description: The issue allows users to bypass field level security, enabling them to populate fields they do not have access to. This affects get endpoints, which are protected by the...